Skip to contentSkip to content
Verified credentials. On-chain. Forever.Learn more
Ewance
Sign in
Cover image for Cyber-Physical Security Audit for a Connected-Building HVAC System
Analysis

Cyber-Physical Security Audit for a Connected-Building HVAC System

FreeVerified credential4 weeksExpert

Overview

What this challenge is about.

Audit one representative tower's BMS: enumerate BACnet devices (network discovery + capability inventory), identify lateral-movement paths (tenant wifi -> guest network -> BACnet, vendor remote access, USB ports on field controllers), test authentication on at least 6 actuator types (HVAC zone control, lighting, access-control panel, elevator-status). Map findings to MITRE ATT&CK for ICS and to ISA/IEC 62443 zones + conduits. Build a 90-day prioritized remediation roadmap covering network segmentation, BACnet/SC migration, vendor-access hardening, and monitoring. Deliver: 18-page audit report, MITRE ATT&CK for ICS mapping, 90-day roadmap, and an executive 4-page summary for the operator + insurer.

CredentialBlockchain-anchored
ShareableLinkedIn-ready
LanguageEnglish
PaceSelf-paced

The Brief

What you'll do, and what you'll demonstrate.

Audit a connected-building HVAC + BMS for cyber-physical risk and deliver a 90-day remediation roadmap acceptable to the operator's cyber insurer.

Earning criteria — what you'll demonstrate

  • Apply ISA/IEC 62443 zones + conduits to a real BMS audit
  • Map cyber-physical findings to MITRE ATT&CK for ICS
  • Prioritize cyber-physical remediation by safety + business impact
  • Communicate OT-security findings to executive + insurer audiences

Program Fit

Where this fits in your program.

Sharpens the same skills your degree expects you to demonstrate.

Careers

Roles this prepares you for.

Real titles. Real skill bridges. Pick the one closest to your trajectory.

Career paths this builds toward

Canonical roles

One more thing

You can put a credential on your CV by Friday.